Sotirios Maniatis

Introduction of the asymmetric cryptography in GSM, GPRS, UMTS, and its public key infrastructure integration

The logic ruling the user and network authentication as well as the data ciphering in the GSM architecture is characterized, regarding the transferring of the parameters employed in these processes, by transactions between three nodes of the system, that is the MS, actually the SIM, the visited MSC/VLR, and the AuC, which is attached to the HLR in most cases. The GPRS and the UMTS architecture carry the heritage of the GSMs philosophy regarding the user/network authentication and the data ciphering. So, the corresponding three nodes (MS, VLR, and HLR) of these systems are involved as well in the authentication and data ciphering procedures. Moreover, the methods of the conventional cryptography have been adopted by all three systems. This paper describes in brief the subscriber authentication and data ciphering, as they are recommended by the Specifications for all three aforementioned systems. Based on what the specifications define, we pinpoint the vulnerable points of the systems, exposed to third party attacks, and propose asymmetric cryptography procedures for their coverage, consisting of the introduction of public–private key pairs for the transactions between the VLR-HLR, as well as the MS-VLR. On the other hand, the nature of the services constituting a Public Key Infrastructure (PKI) renders the telecommunication operators the main candidates for the development of PKIs fully or partially fledged. The private–public key pair, stored by the PLMN operator in the SIM, for the GSM/GPRS case, or in the USIM for the UMTS case and created to deal initially with internal system functions, can easily be extended, adopted and employed in secure e/m-transactions, if bound to a digital certificate, in the case the PLMN operator supports PKI services as well.

Wireless convergence architecture: a case study using GSM and wireless LAN

The evolution of wireless networks has motivated the expansion of the static business environment to a mobile and wireless one. However, current and forthcoming wireless technologies are characterized by different attributes, regarding coverage area, offered bandwidth and delay. The transparent conjunction of various wireless technologies into a single mobile terminal can further boost the wireless explosion. This paper presents the Wireless Convergence Architecture (WCA) that incorporates different wireless interfaces under the same mobile terminal. Depending on the location and the availability of the underlying wireless network, automatic and seamless switching is performed to the most appropriate wireless network interface. Special care is taken to maintain continuous connectivity at the transport layer (TCP). WCA introduces software components both at the terminal and network side. A specific implementation is presented, based on two complementary wireless technologies – in terms of coverage area – an IEEE 802.11-compliant in the short local and a GSM in the wide area. To demonstrate the operational correctness of the architecture, experiments were performed using standard and proprietary networking applications.

Supporting QoS for Legacy Applications

Internet is widely known for lacking any kind of mechanism for the provisioning of Quality of Service (QoS) guarantees. The Internet community currently concentrates its efforts on mechanisms that support QoS in various layers of the OSI model. Apart from that, the Internet community is trying also to define the protocols, through which applications and users will signal their QoS requirements to the lower network layer mechanisms. The latter task, however, is not trivial, especially for legacy applications that cannot be modified and recompiled. This paper presents a framework for a middleware component that supports QoS for legacy applications. It mainly focuses on the support of a proxy-based framework for the identification of flows, the measurement of basic QoS parameters and the definition of an API that can be used by middleware components or even applications. The position of this proxy architecture in a reference network topology and the communication with other middleware entities is also discussed.

Towards the introduction of the asymmetric cryptography in GSM, GPRS, and UMTS networks

The logic ruling the user and network authentication as well as the data ciphering in the GSM architecture has been inherited by the General Packet Radio Services (GPRS) and the Universal Mobile Telecommunication System (UMTS) as well. So, in all these systems, three nodes are involved in the corresponding processes, namely, the mobile station (MS), the visitors location register (VLR), and the home location register (HLR). Moreover, the methods of the conventional cryptography have been adopted by all the three systems. A description of the subscriber authentication is given, as well as of the data ciphering, as they are recommended by the specifications regarding the aforementioned systems. Based on this analysis, we pinpoint the vulnerable points of the VLR-HLR and MS-VLR links, exposed to third party attacks, and we propose for their coverage asymmetric cryptography procedures, consisting of the introduction of public-private key pairs for the transactions between the VLR-HLR, as well as the MS-VLR.

Network services definition and deployment in a differentiated services architecture

Next generation Internet architectures will consider the differentiated services paradigm for the provision of quality of service to the individual customer needs and applications. This paper addresses the definition and deployment of specific network services in a DiffServ environment. The proposed network services and the underlying traffic engineering methods are analyzed and simulated. Simulation outcomes prove that the fundamental principles of the network services are fulfilled.

GIP: an infrastructure for mobile intranets deployment

The GPRS and UMTS specifications define the procedures supporting the mobility and the data sessions of a mobile user moving within the area of the corresponding PLMNs. For the case, though, of mobile users working in group, using a PLMN infrastructure, the aforementioned networks foresee no special treatment. However, services tightly related to a specific geographic area, like for example security or surveillance services, could be implemented by a group of collaborating Mobile Nodes forming a mobile intranet that uses the facilities of a PLMN. In this paper, after a description of what the specifications provide, methods are proposed for the deployment of intranets over the GPRS or the UMTS infrastructure. At this aim, the concept of the GIP is introduced regarding a frame of interconnected SGSNs, within the GPRS/UMTS environment. This frame supports, without the intervention of the GGSN, the mobility of a number of Mobile Nodes belonging to the same group, as well as the data traffic between them. Moreover, the additional tasks to be undertaken by the SGSNs forming the frame are described.

The end‐user application toolkit: a QoS portal for the next generation Internet

The support of quality of service (QoS) in the Internet has become one of the most important topics within the Internet community. The introduction of the Integrated Services (IntServ) and the Differentiated Services (DiffServ) architectures was a major breakthrough in this direction. Enhanced by the Bandwidth Broker concept, DiffServ aims to provide QoS in the Internet through the prioritization of some IP flows over others. However, up to now the DiffServ architecture lacks a standard mechanism for the interaction between users/applications and the Bandwidth Brokers (BB), so that end-to-end QoS can be achieved. In this paper we present a distributed middleware architecture for the transparent support of QoS in the Internet. The paper focuses on bridging the gap that currently exists between applications and the network and presents the end-user application toolkit (EAT). The EAT middleware provides a framework for the presentation of network services to users, the description and selection of QoS parameters, the forwarding of reservation requests and the verification of the accredited QoS level. Through the concept of application profiles, it aims to support QoS for legacy applications, that is, commercial applications that cannot be modified to support QoS. Copyright

GIP: an infrastructure for mobile intranets development

The GPRS and UMTS specifications define the procedures supportingthe mobility and the data sessions of a mobile user moving withinthe area of the corresponding PLMNs. For the case, though, ofmobile users working in group, using a PLMN infrastructure, theaforementioned networks foresee no special treatment. However,services tightly related to a specific geographic area, like forexample security or surveillance services, could be implemented bya group of collaborating Mobile Nodes forming a mobile intranetthat uses the facilities of a PLMN. In this paper, after adescription of what the specifications provide, methods areproposed for the deployment of intranets over the GPRS or the UMTSinfrastructure. At this aim, the concept of the GIP is introducedregarding a frame of interconnected SGSNs, within the GPRS/UMTSenvironment. This frame supports, without the intervention of theGGSN, the mobility of a number of Mobile Nodes belonging to thesame group, as well as the data traffic between them. Moreover, theadditional tasks to be undertaken by the SGSNs forming the frameare described.

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users’ needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

Resource allocation algorithms for intra-domain quality of service provisioning

Resource provisioning mechanisms play a crucial role in determining the level of quality of service offered by a network. Based on the current research activities, this paper presents a scalable and dynamic set of resource allocation mechanisms applied in the context of the AQUILA intra-domain architecture for providing QoS guarantees. We are focusing on the details of the interworking among the proposed resource allocation mechanisms, which take place at a different time-scale and are applied at different levels of the network architecture, highlighting the scalability features they convey. Finally, the presented trial results underline the performance and scalability offered by those mechanisms, which succeed in providing the expected QoS guarantees keeping simultaneously complexity and simplicity at a low level.